authordjm@openbsd.org <djm@openbsd.org>2014-11-17 00:21:40 +0000
committerDamien Miller <djm@mindrot.org>2014-11-17 11:20:39 +1100
commit9f9fad0191028edc43d100d0ded39419b6895fdf (patch)
tree83a1dabec592abd8220ff622857d5e50d15e4c75 /krl.c
parentda8af83d3f7ec00099963e455010e0ed1d7d0140 (diff)
upstream commit
fix KRL generation when multiple CAs are in use

We would generate an invalid KRL when revoking certs by serial number for multiple CA keys due to a section being written out twice.

Also extend the regress test to catch this case by having it produce a multi-CA KRL.

Reported by peter AT pean.org
Diffstat (limited to 'krl.c')
-rw-r--r--krl.c3
1 files changed, 2 insertions, 1 deletions
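diff --git a/krl.c b/krl.c
index eb31df90f..832ac8b0a 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.17 2014/06/24 01:13:21 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.18 2014/11/17 00:21:40 djm Exp $ */
 
 #include "includes.h"
 
@@ -686,6 +686,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, Buffer *buf, const Key **sign_keys,
 
  /* Store sections for revoked certificates */
  TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
+ buffer_clear(&sect);
  if (revoked_certs_generate(rc, &sect) != 0)
  goto out;
  buffer_put_char(buf, KRL_SECTION_CERTIFICATES);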
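Review bot: The added `buffer_clear(&sect);` at the top of the `TAILQ_FOREACH` body has no comment, and its purpose is not obvious from the loop alone. `sect` is apparently a scratch buffer shared by every iteration, so without the reset each CA's section would still carry the bytes generated for the previous CA. I would put `/* sect is reused for each CA; reset it so the previous CA's section is not written again */` above the call. The body of ssh_krl_to_blob starts and ends outside this hunk, so it cannot be checked from here whether any other code that fills `sect` resets it first. That is worth confirming, because a malformed revocation list forces whatever loads it to either reject the file or trust an incomplete one.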